Embargo Ransomware Uses Custom Rust-Based Tools for Advanced Defense Evasion


Researchers at ESET report that the Embargo ransomware group is using custom Rust-based tools to evade endpoint security defences built by vendors such as Microsoft and IBM.

An instance of this new toolkit was observed during a ransomware incident targeting US companies in July 2024. It is composed of a loader and an EDR killer, named MDeployer and MS4Killer respectively.

Unlike generic EDR killers, MS4Killer is tailored to each victim's environment, terminating only the security solutions selected for that deployment. This makes it particularly dangerous to defenders who are unaware of its existence.

The tools appear to have been developed together, and some of their functionality overlaps.

The report found that MDeployer, MS4Killer and the Embargo ransomware payload itself were all written in Rust, which indicates that this is the group's preferred programming language.

The Embargo group was first identified during the summer of 2024. It appears to be well resourced, being able to develop custom tools as well as set up its own infrastructure for communicating with victims.

The group uses a double extortion method: as well as encrypting the victims' data, it exfiltrates that data and threatens to publish it on a leak site if the ransom is not paid.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents